On Fri, Nov 03, 2000 at 05:28:37PM -0500, Greg A. Woods wrote:
>
> > I
> > really, really don't like the idea of implementing zillions of
> > special-purpose "uid"s.
>
> That's more or less irrelevant since in the Unix security model as it is
> generally interpreted and implemented the only correct solution is to
> define unique special-purposed IDs to separate out privilege amongst
> otherwise unprivileged users. (True "privilege" is reserved for one,
> and only one, ID in Unix: the superuser.)

I think you miss the point. When I say that I don't like the idea of
implementing zillions of special purpose "uid"s, it is in the context
of the previous proposal that we add a "fsuid" as we have an "euid", a
"ruid", and in some Unices a "saved set-user id". I have no quibble
with doling privilege out to different user IDs to restrict its scope;
I *do* have a serious quibble with the half-baked notion of a "uid for
filesystem purposes", a "uid for network purposes" and so forth. If you
really want to go *there*, a capability model would serve the same
purpose much better, I think.

Thor